
Possible Infection. Freezes, Errors, Blue Screens, Random Restarts, Poor Performance...


  • This topic is locked
2 replies to this topic

#1 Ms_Dee01

Ms_Dee01

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:03:37 PM

Posted 07 August 2012 - 10:37 AM

Hello all,

First, I am running Windows Vista Home Premium 32-bit Service Pack 2.

On to the issue(s)... I have let my teenage son use my computer. I am not sure what he did or his browsing activity. Well, Avast let me know I was infected with INF:AutoRun-AA and JS:Redirector-SQ in two separate instances and supposedly Avast took care of them. Well, I thought it was all done but lately I get error warnings, my computer freezes every time I use it, performance and internet are super sluggish, I get random restarts, and I keep getting blue screens. I have run several scans including Boot scans with Avast, RootRepeal, and TDSS Killer; nothing found. I have Avast as my Anti-virus program so I run scans on a regular basis, along with Disk clean ups and Defrags as part of regular maintenance. I have recently added CCleaner as part of my routine. I have also run MBAM, Spybot Search and Destroy, Kaspersky Online Scans, Eset... to see if I could find what is going on but nothing found, yet problems still persist.

Today, I tried running HiJack This and I got a warning stating: "For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this..." I did disable Avast first before the scan. I've also tried to run it as Admin but it will NOT allow me to do so. The "Run as Administrator" option doesn't appear on the menu... I am not sure what is going on and now here I am...

Enclosed are my DDS and GMER logs. Thanks in advance for all of your help!

Dee


-------------------------------------------------------------------------------------------------------------------------

DDS LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/30/2011 7:07:15 PM
System Uptime: 8/7/2012 12:36:28 AM (1 hours ago)
.
Motherboard: Quanta | | 30CC
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | U2E1 | 1333/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 29.903 GiB free.
D: is FIXED (NTFS) - 19 GiB total, 18.686 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: isatap.clearwire-wmx.net
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: isatap.clearwire-wmx.net
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0003
Manufacturer: Microsoft
Name: isatap.clearwire-wmx.net
PNP Device ID: ROOT\*ISATAP\0003
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0006
Manufacturer: Microsoft
Name: isatap.clearwire-wmx.net
PNP Device ID: ROOT\*ISATAP\0006
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0008
Manufacturer: Microsoft
Name: isatap.{02274642-163E-45BD-BC61-CC6CE21E8919}
PNP Device ID: ROOT\*ISATAP\0008
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0009
Manufacturer: Microsoft
Name: isatap.clearwire-wmx.net
PNP Device ID: ROOT\*ISATAP\0009
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
4500_Help
AAA Logo Business Edition 3.10
Acronis True Image WD Edition
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BackupManager
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Codec
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities Original Data Security Tools
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CLEAR Connection Manager
Compatibility Pack for the 2007 Office system
D3DX10
DesignPro 5
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocMgr
DocProc
Dropbox
ESET Online Scanner v3
ESU for Microsoft Vista
eSupportQFolder
Fax
GIMP 2.6.11
Google Chrome
GPBaseService
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
High-Definition Video Playback
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Customer Experience Enhancements
HP Doc Viewer
HP Document Manager 1.0
HP Easy Setup - Frontend
HP Help and Support
HP Imaging Device Functions 10.0
HP Officejet J4500 Series
HP Product Detection
HP Quick Launch Buttons 6.20 B1
HP QuickPlay 3.2
HP Solution Center 13.0
HP Total Care Advisor
HP Update
HP User Guides 0057
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPDiagnosticAlert
HPNetworkAssistant
HPProductAssistant
HTC Driver Installer
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Rapid Storage Technology
Intel® TV Wizard
iTunes
J4500
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
K-Lite Codec Pack 8.2.0 (Full)
LeapFrog Connect
LeapFrog MyOwnLeaptop Plugin
LeapFrog Tag Plugin
LightScribe Diagnostic Utility
LightScribe System Software
LightScribe Template Designs - Life Events Pack 1
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Fix it Center
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Motorola SM56 Data Fax Modem
Mozilla Firefox 10.0.2 (x86 en-US)
MSCU for Microsoft Vista
MSVCRT
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 ClipartPack
Nero 10 Kwik Themes 1
Nero 10 Kwik Themes 2
Nero 10 Kwik Themes 3
Nero 10 Kwik Themes 4
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero 10 PiP EffectPack 1
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero 10 Video TransitionPack 1
Nero Audio Pack 1
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Core Components 11
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Multimedia Suite 10 Platinum HD
Nero Prerequisite Installer 1.0
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
nero.prerequisites.msi
Netflix in Windows Media Center
Outlook Setup Tool
PeerBlock 1.0+ (r484)
Photodex Presenter
ProductContext
ProShow Producer
QuickGamma 2.0.0.3
QuickMonitorProfile 2.1.0.1
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtime Landscaping Plus 2012 Trial
Revo Uninstaller 1.94
Rhapsody Player Engine
Roxio Activation Module
Scan
Seagate Dashboard
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Segoe UI
SolutionCenter
Spybot - Search & Destroy
Status
StudioCloud 3.0
Synaptics Pointing Device Driver
System Requirements Lab for Intel
TeraCopy 2.27
Toolbox
TrayApp
Unlocker 1.9.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Use the entry named LeapFrog Connect to uninstall (LeapFrog MyOwnLeaptop Plugin)
Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
WebReg
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.01 (32-bit)
Workspace Desktop
Yahoo! Install Manager
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 12:42:09 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/7/2012 12:41:39 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/7/2012 12:41:39 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/7/2012 12:40:47 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/7/2012 12:38:58 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
8/7/2012 12:38:32 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/7/2012 12:38:32 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/6/2012 8:09:51 PM, Error: EventLog [6008] - The previous system shutdown at 8:06:23 PM on 8/6/2012 was unexpected.
8/6/2012 8:02:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
8/6/2012 7:57:23 PM, Error: EventLog [6008] - The previous system shutdown at 7:50:23 PM on 8/6/2012 was unexpected.
8/6/2012 3:30:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
8/6/2012 3:29:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/6/2012 3:23:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/6/2012 3:04:09 PM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Search service to connect.
8/6/2012 3:04:09 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2012 3:03:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/6/2012 3:03:43 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.
8/6/2012 3:03:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/6/2012 2:53:49 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/6/2012 2:53:49 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/6/2012 2:53:49 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/6/2012 2:49:22 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
8/6/2012 2:46:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/6/2012 2:28:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/6/2012 2:10:16 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1433.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
8/6/2012 2:10:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
8/6/2012 2:02:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/6/2012 2:01:56 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 2:00:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi MpFilter spldr Wanarpv6
8/6/2012 2:00:58 PM, Error: Service Control Manager [7001] - The Windows Media Center Extender Service service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 2:00:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/6/2012 2:00:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/6/2012 2:00:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/6/2012 2:00:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/6/2012 1:59:56 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be started in Safe Mode .
8/6/2012 1:59:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
8/6/2012 1:59:26 PM, Error: EventLog [6008] - The previous system shutdown at 1:57:06 PM on 8/6/2012 was unexpected.
8/6/2012 1:50:05 PM, Error: EventLog [6008] - The previous system shutdown at 1:48:42 PM on 8/6/2012 was unexpected.
8/6/2012 1:41:42 PM, Error: EventLog [6008] - The previous system shutdown at 1:40:22 PM on 8/6/2012 was unexpected.
8/6/2012 1:13:12 PM, Error: EventLog [6008] - The previous system shutdown at 11:08:01 PM on 8/5/2012 was unexpected.
8/5/2012 4:23:54 AM, Error: EventLog [6008] - The previous system shutdown at 12:33:08 AM on 8/5/2012 was unexpected.
8/4/2012 9:57:14 PM, Error: EventLog [6008] - The previous system shutdown at 4:13:15 PM on 8/4/2012 was unexpected.
8/4/2012 3:02:14 PM, Error: EventLog [6008] - The previous system shutdown at 1:03:06 PM on 8/4/2012 was unexpected.
8/4/2012 12:55:21 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/4/2012 11:21:07 PM, Error: EventLog [6008] - The previous system shutdown at 11:17:05 PM on 8/4/2012 was unexpected.
8/4/2012 11:17:05 PM, Error: EventLog [6008] - The previous system shutdown at 11:15:03 PM on 8/4/2012 was unexpected.
8/4/2012 10:26:03 AM, Error: EventLog [6008] - The previous system shutdown at 10:23:44 AM on 8/4/2012 was unexpected.
8/4/2012 10:26:02 PM, Error: EventLog [6008] - The previous system shutdown at 10:23:14 PM on 8/4/2012 was unexpected.
8/4/2012 1:48:41 AM, Error: EventLog [6008] - The previous system shutdown at 1:46:42 AM on 8/4/2012 was unexpected.
8/4/2012 1:43:46 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
8/3/2012 3:58:42 PM, Error: EventLog [6008] - The previous system shutdown at 2:55:08 PM on 8/3/2012 was unexpected.
8/3/2012 11:44:25 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/3/2012 11:44:24 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
8/3/2012 11:28:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
8/3/2012 11:27:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
8/3/2012 11:17:36 PM, Error: EventLog [6008] - The previous system shutdown at 7:21:48 PM on 8/3/2012 was unexpected.
.
==== End Of File ===========================





-----------------------------------------------------------------------------------------------------------------

Attached File  GMER Log 8_7_2012.log   83.75KB   1 downloads



Edited by Ms_Dee01, 07 August 2012 - 10:39 AM.
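An added example, not part of the original posts: a small Python triage of the "Event Viewer Messages" section of a DDS log like the one above. It groups errors by source and event ID, counts unexpected shutdowns (EventLog 6008) per day, and pulls out storage-stack events. The sample lines are copied from the log above plus one constructed malformed line; the function names and the storage watch-list are assumptions made for this illustration.

```python
import re
from collections import Counter, namedtuple
from datetime import datetime

Event = namedtuple("Event", "when level source event_id message")

# One DDS event line: "<date> <time> AM|PM, <Level>: <Source> [<ID>] - <message>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(\w+): (.+?) \[(\d+)\] - (.*)$"
)

# Assumption: event sources treated as "storage stack" for this triage.
STORAGE_SOURCES = {"ntfs", "iastor", "disk"}

# Lines copied from the log above, plus one constructed non-event line.
SAMPLE = r"""
8/6/2012 8:09:51 PM, Error: EventLog [6008] - The previous system shutdown at 8:06:23 PM on 8/6/2012 was unexpected.
8/6/2012 3:30:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
8/6/2012 2:49:22 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume G:.
8/4/2012 12:55:21 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/4/2012 1:48:41 AM, Error: EventLog [6008] - The previous system shutdown at 1:46:42 AM on 8/4/2012 was unexpected.
this line is not an event and is skipped
"""


def parse_events(text):
    """Parse DDS event lines; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, level, source, event_id, message = m.groups()
        when = datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p")
        events.append(Event(when, level, source, int(event_id), message))
    return events


def count_by_source_id(events):
    """How often each (source, event ID) pair occurs."""
    return Counter((e.source, e.event_id) for e in events)


def unexpected_shutdowns_per_day(events):
    """EventLog 6008 entries per logged date (the date the event was written)."""
    return Counter(
        e.when.date()
        for e in events
        if e.source == "EventLog" and e.event_id == 6008
    )


def storage_events(events):
    """Events whose source is on the storage watch-list, in log order."""
    return [e for e in events if e.source.lower() in STORAGE_SOURCES]


if __name__ == "__main__":
    evts = parse_events(SAMPLE)
    for (source, event_id), n in count_by_source_id(evts).most_common():
        print(f"{n:3d}  {source} [{event_id}]")
    for day, n in sorted(unexpected_shutdowns_per_day(evts).items()):
        print(f"{day}: {n} unexpected shutdown(s)")
    for e in storage_events(evts):
        print(f"storage: {e.when} {e.source} [{e.event_id}] {e.message}")
```

Pasting the full "Event Viewer Messages" section into `SAMPLE` gives the same summary for the whole week of errors.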



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:37 PM

Posted 12 August 2012 - 09:10 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

I also need to see the DDS.txt log. You have attached and posted the attach.txt file.

Please post the logs for my review.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:37 PM

Posted 18 August 2012 - 09:20 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



